Depending on what types of data you're looking for, you certainly want to consider PCI compliance with regards to what those users are going to be able to see. Obviously, giving someone access to view incidents with Credit Card data has implications to your company with regards to that issue. If that's the case here, you'll want to vett this with your Audit team. You run the risk of granting someone access that you didn't mean to if you systemize this.
You're also going to need to default that new user to a specific role, so you'll want to create the proper filtering in that role so that they only see the incidents that you want them to see (mark a Custom Attribute in the system for the incident that the role filters on, etc). Automatically generating or editing a role is probably going to be far too difficult, so be sure that's defined up front.
Good luck with it...I'd be interested to hear how it works out. Where we did this before was to just do one-off batch loads of users, so it was a little less involved.